- Description
- Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-732
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:6.2.3:*:*:*:*:linux:*:*",
"vulnerable": true,
"matchCriteriaId": "A2057B2F-6A30-4493-9E0B-E73C67470D1B"
},
{
"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:6.2.3:*:*:*:*:macos:*:*",
"vulnerable": true,
"matchCriteriaId": "CFBEB412-B9C5-4216-B30C-A2616DE155B7"
},
{
"criteria": "cpe:2.3:a:wftpserver:wing_ftp_server:6.2.3:*:*:*:*:solaris:*:*",
"vulnerable": true,
"matchCriteriaId": "29A1D238-E336-4AFB-906D-691D141A1570"
}
],
"operator": "OR"
}
]
}
]